Social Proof is in the Pudding: The (Non)-Impact of Social Proof on Software Downloads

Keywords

Field Experiment
RCT
GitHub
Security
Malware
Open-Source Software
Social Proof
Social Computing

How to Cite

Shen, L., Sood, G., & Weitzel, D. (2026). Social Proof is in the Pudding: The (Non)-Impact of Social Proof on Software Downloads. Journal of Online Trust and Safety, 3(2). https://doi.org/10.54501/jots.v3i2.286

Abstract

Open-source software is widely used in commercial applications, and developers often use social proof as a cue when choosing which open-source software to use. Together, these two facts raise concerns that bad actors can game social proof metrics to induce the use of malign software. Here we study questions around the effects of such gaming using two field experiments on the largest developer platform, GitHub. To examine the impact of social proof, we bought ‘stars’ for a random set of GitHub repositories containing recently created Python packages, and estimated their impact on package downloads and broader repository activity. We find no discernible impact on downloads, nor on forks, pull requests, issues, or other measures of developer engagement. In our second field experiment, we manipulated the number of human downloads for Python packages. Again, we find no detectable effect on subsequent downloads or on any measure of repository activity. Our findings suggest that modest manipulation of social proof does not detectably shift developer adoption, though the threat may grow at higher manipulation intensities and in less-scrutinized contexts such as agentic coding, motivating platform signals that are harder to fake.

https://doi.org/10.54501/jots.v3i2.286

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Copyright (c) 2026 Journal of Online Trust and Safety